Stan Beer
Friday, 18 August 2006 09:37
Windows users who had hoped that the Vista operating system would consign Patch Tuesday to the annals of history can think again. Microsoft has confirmed through one of its blogs that two of the seven critical Windows patches released last week also apply to Vista.
Vista is clear of the most serious flaw discovered, MS06-040, which
raised the ire of the Department of Homeland Security. However, the two
flaws which affect Vista are still in the critical class, which means
that a remote attacker can gain control of a computer without the user
having to initiate any action.
The two vulnerabilities which affect Vista are addressed by Microsoft
security updates MS06-042, which plugs a hole in Internet Explorer, and
MS06-051, which patches a vulnerability in the Windows Vista kernel
itself.
Needless to say, intending Windows Vista users will not be happy to
hear that after all the work Microsoft has put into addressing the
substantial security issues faced in versions to date, the best it has come
up with for its operating system of the future is two critical bugs
that need to be fixed in a single month.
To be sure, the fact that just two critical bugs need to be patched
instead of the seven for the current version of Windows is a
substantial improvement. However, the revelation that patches are
needed for Vista this month makes a mockery of the suggestion by a
Windows marketing manager a few months ago that Vista will make Patch
Tuesday a thing of the past.
Another issue is the fact that the Microsoft blogger, Alex Heaton from
Windows Vista Security, indicates in his blog that Microsoft had
received: "multiple inquiries from Windows Vista beta testers asking if
their systems are affected by the security bulletins released last
week." The question is, why would the beta testers need to ask - were
they not automatically informed? The answer is no. As Heaton says in
his blog: "Microsoft does not include information about beta products
in formal security bulletins."
So for the cost of US$1.50 you too can download an operating system
that has possible security vulnerabilities, but don't expect Microsoft
to tell you about them - find out for yourself.